updated encryption section

updated encryption section

Author: ramankumarlive

includes/virtual-machines-faq-for-disks.md

@@ -254,32 +254,6 @@ All Azure regions now support Standard SSD disks.
 **Is Azure Backup available when using Standard SSDs?**
 Yes, Azure Backup is now available.
 
-**How do I create Standard SSD disks?**
-You can create Standard SSD disks using Azure Resource Manager templates, SDK, PowerShell, or CLI. Below are the parameters needed in the Resource Manager template to create Standard SSD Disks:
-
-* *apiVersion* for Microsoft.Compute must be set as `2018-04-01` (or later)
-* Specify *managedDisk.storageAccountType* as `StandardSSD_LRS`
-
-The following example shows the *properties.storageProfile.osDisk* section for a VM that uses Standard SSD Disks:
-
-```json
-"osDisk": {
-    "osType": "Windows",
-    "name": "myOsDisk",
-    "caching": "ReadWrite",
-    "createOption": "FromImage",
-    "managedDisk": {
-        "storageAccountType": "StandardSSD_LRS"
-    }
-}
-```
-
-For a complete template example of how to create a Standard SSD disk with a template, see [Create a VM from a Windows Image with Standard SSD Data Disks](https://github.com/azure/azure-quickstart-templates/tree/master/101-vm-with-standardssd-disk/).
-
-**Can I convert my existing disks to Standard SSD?**
-Yes, you can. Refer to [Convert Azure managed disks storage from standard to premium, and vice versa](https://docs.microsoft.com/azure/virtual-machines/windows/convert-disk-storage) for the general guidelines for converting Managed Disks. And, use the following value to update the disk type to Standard SSD.
-    -AccountType StandardSSD_LRS
-
 **What is the benefit of using Standard SSD disks instead of HDD?**
 Standard SSD disks deliver better latency, consistency, availability, and reliability compared to HDD disks. Application workloads run a lot more smoothly on Standard SSD because of that. Note, Premium SSD disks are the recommended solution for most IO-intensive production workloads.
 
@@ -329,40 +303,37 @@ Yes
 
 ## Managed Disks and Storage Service Encryption
 
-**Is Azure Storage Service Encryption enabled by default when I create a managed disk?**
+**Is Server-side Encryption enabled by default when I create a managed disk?**
 
-Yes.
+Yes. Managed Disks are encrypted with server-side encryption with platform managed keys. 
 
 **Is the boot volume encrypted by default on a managed disk?**
 
 Yes. By default, all managed disks are encrypted, including the OS disk.
 
 **Who manages the encryption keys?**
 
-Microsoft manages the encryption keys.
+Platform managed keys are managed by Microsoft. You can also use and manage your own keys stored in Azure Key Vault. 
 
-**Can I disable Storage Service Encryption for my managed disks?**
+**Can I disable Server-side Encryption for my managed disks?**
 
 No.
 
-**Is Storage Service Encryption only available in specific regions?**
+**Is Server-side Encryption only available in specific regions?**
 
-No. It's available in all the regions where Managed Disks are available. Managed Disks is available in all public regions and Germany. It is also available in China, however, only for Microsoft managed keys, not customer managed keys.
+No. Server-side Encryption with both platform and customer managed keys are available in all the regions where Managed Disks are available. 
 
-**How can I find out if my managed disk is encrypted?**
+**Does Azure Site Recovery support server-side encryption with customer-managed key for on-premises to Azure and Azure to Azure disaster recovery scenarios?**
 
-You can find out the time when a managed disk was created from the Azure portal, the Azure CLI, and PowerShell. If the time is after June 9, 2017, then your disk is encrypted.
+Yes. 
 
-**How can I encrypt my existing disks that were created before June 10, 2017?**
+**Can I backup Managed Disks encrypted with server-side encryption with customer-managed key using Azure Backup service?**
 
-As of June 10, 2017, new data written to existing managed disks is automatically encrypted. We are also planning to encrypt existing data, and the encryption will happen asynchronously in the background. If you must encrypt existing data now, create a copy of your disk. New disks will be encrypted.
-
-* [Copy managed disks by using the Azure CLI](../articles/virtual-machines/scripts/virtual-machines-linux-cli-sample-copy-managed-disks-to-same-or-different-subscription.md?toc=%2fcli%2fmodule%2ftoc.json)
-* [Copy managed disks by using PowerShell](../articles/virtual-machines/scripts/virtual-machines-windows-powershell-sample-copy-managed-disks-to-same-or-different-subscription.md?toc=%2fcli%2fmodule%2ftoc.json)
+Yes.
 
 **Are managed snapshots and images encrypted?**
 
-Yes. All managed snapshots and images created after June 9, 2017, are automatically encrypted. 
+Yes. All managed snapshots and images are automatically encrypted. 
 
 **Can I convert VMs with unmanaged disks that are located on storage accounts that are or were previously encrypted to managed disks?**